• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question PTR value part of email SPF configuration

Ehud

Ehud

Basic Pleskian
Server operating system version
OS version: Ubuntu 22.04 x86_64 Server version: Apache/2.4.57 (Ubuntu) Server built: 2023-04-08T12:56:02nginx version: nginx/1.22.1
Plesk version and microupdate number
Product version: Plesk Obsidian 18.0.52.3 OS version: Ubuntu 22.04 x86_64 Build date: 2023/05/16 12:00 Revision: a3b74dbc9de2e47afd4e532d02fa7759b29d3fa5
Hi,

According to this post, PTR could part of the SPF. This is a reverse DNS chackup to the best of my understanding.

May I ask if it's automatically supported by a Plesk server? Only on shared hosting?

And if not, what should be done:

1) To achieve the value (hosting provider service? CLI?)

2) Can you please provide an example for its implementation in an SPF, TXT DNS record.

• Matches if the DNS PTR record for the sending mail server’s IP address is in the SPF record’s domain and the DNS A or AAAA record received from the PTR lookup resolves to the sending mail server’s IP address
• Optionally, another domain can be provided, and the sending mail server’s PTR and A or AAAA records will be checked for a match with that domain instead.
• This mechanism is deprecated and should not be used.
Click to expand...
 
The SPF can be edited in your DNS settings for however you need but the PTR is set by your hoster and you're limited to one domain per IP address. If you have multiple IPs assigned to your server and you assigned a different IP for each domain then each IP could have it's own PTR, otherwise if you only have 1 IP address that is shared between multiple domains then you're limited to whichever you've assigned it to. In my case I've configured my PTR to rDNS to my server's hostname of akheera.simon-soft.com which makes other email servers happy as is since the HELO responses with akheera.simon-soft.com.
 
Using the PTR mechanism in a SPF record seems to be highly discouraged according to these sources:

knowledge.ondmarc.redsift.com

PTR mechanism in an SPF record | OnDMARC Help Center

What is a ptr record, how does it work and why it should not be used as a mechanism in an SPF record?
knowledge.ondmarc.redsift.com knowledge.ondmarc.redsift.com
dmarcian.com

PTR mechanisms in SPF records - dmarcian

If PTR mechanisms are detected, the current diagnostic output is: Warning: PTR mechanisms SHOULD NOT be used and cannot be resolved using this diagnostic tool. What does the PTR mechanism mean? When an email receiver gets a piece of email and the PTR mechanism is in the sender’s SPF record...
dmarcian.com dmarcian.com
serverfault.com

What problems are there with the SPF ‘ptr’ mechanism?

One of the mechanisms in SPF is ptr. This mechanism checks that a sender using some domain name connects from a (forward-confirmed) IP address pointing to a subdomain of that name. For example, when
serverfault.com serverfault.com
 
oh and that too, forgot to mention that in all spf records I've created, I had never added the ptr record inside the spf record because of what kaspar pointed out.
 
I would suggest you forget of PTR and focus on strong SPF records making sure they are not duplicated or most email providers will reject email coming from your server.
The template we use and works fine is:

v=spf1 a mx a:<domain> ip4:<ip> ~all

- if you use ip6 may add it as well
 
jorge ceballos said:
[...] The template we use and works fine is: v=spf1 a mx a:<domain> ip4:<ip> ~all
Click to expand...

@jorge ceballos although your SPF record isn't wrong and might be a good fit for your use case, I do like to point out that it looks like you're using redundant mechanisms. The a and a:<domain> mechanisms accomplish the same. Most likely the mx and ip4:<ip> are too. As far as I can tell all mechanisms point to the same IP address.

Now, there isn't a one sizes fits all solution when it comes to SPF records. So a degree of redundant mechanisms is to be expected (but not necessary). An example of a SPF template record that's useable in most scenario's when using Plesk would be v=spf1 a mx a:<hostname> -all. A more strict example would simply be v=spf1 a:<hostname> -all.

Also, when possible, it's usually best to avoid soft fail in SPF records (but I know opinions differ on this subject).
 
You must log in or register to reply here.

Similar threads

E
Issue Several understanding errors in my postfix
Replies
4
Views
6K
estanis
E
O
Issue Wrong TXT record implementation in Plesk DNS
Replies
6
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
T
Question Reverse DNS is not a valid Hostname (crazy...)
Replies
4
Views
2K
Tomas.Michal
T
E
Resolved Need Help configuring server records for my domain
Replies
5
Views
2K
eggih
E
J
Resolved Unable to send & receive emails after Dist Upgrade & DNS changes
Replies
2
Views
1K
Johnny9977
J
Back
Top